[Samba] SMB protocol security flaw

Tony Earnshaw tonye at billy.demon.nl
Thu Mar 17 15:39:40 GMT 2005


It's (possible|probable) that the above was included in the list postings
in February last; at that time I hadn't even begun with Samba (use it in
production now :). If so,please point me at the archives, if not, could
someone please comment?

>From the last SANS NewsBites (apologies for the line break in the URL for
those using 76-character text MMUAs):

 --SMB Protocol Flaw Patch Not Readily Available for NT 4.0
(11 March 2005)
On February 8, 2005, Microsoft released an advisory for a vulnerability
in the server message block (SMB) protocol in Windows that could allow
an attacker to take control of vulnerable servers.  However, Microsoft
released patches for only more recent versions of Windows; there was no
patch for Windows NT 4.0, as the company stopped officially supporting
it on December 31, 2004.  Microsoft does have a patch for NT 4.0
customers who have paid for extended support.  Users could enable SMB
signing as some form of protection; Microsoft is encouraging users to
upgrade to Server 2003 for security reasons.



mail: tonye at billy.demon.nl

More information about the samba mailing list